惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

AI
AI
G
Google Developers Blog
T
Tailwind CSS Blog
大猫的无限游戏
大猫的无限游戏
量子位
月光博客
月光博客
美团技术团队
阮一峰的网络日志
阮一峰的网络日志
罗磊的独立博客
T
The Exploit Database - CXSecurity.com
C
CXSECURITY Database RSS Feed - CXSecurity.com
Latest news
Latest news
P
Privacy International News Feed
www.infosecurity-magazine.com
www.infosecurity-magazine.com
WordPress大学
WordPress大学
博客园 - 三生石上(FineUI控件)
TaoSecurity Blog
TaoSecurity Blog
Hacker News: Ask HN
Hacker News: Ask HN
Hugging Face - Blog
Hugging Face - Blog
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
C
Cisco Blogs
Project Zero
Project Zero
Security Latest
Security Latest
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
人人都是产品经理
人人都是产品经理
Scott Helme
Scott Helme
S
Securelist
有赞技术团队
有赞技术团队
T
Threat Research - Cisco Blogs
N
News | PayPal Newsroom
博客园 - 聂微东
小众软件
小众软件
S
SegmentFault 最新的问题
D
Darknet – Hacking Tools, Hacker News & Cyber Security
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
P
Privacy & Cybersecurity Law Blog
博客园 - Franky
Cyberwarzone
Cyberwarzone
Cisco Talos Blog
Cisco Talos Blog
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
Spread Privacy
Spread Privacy
A
Arctic Wolf
S
Security @ Cisco Blogs
The Hacker News
The Hacker News
腾讯CDC
博客园 - 【当耐特】
T
Troy Hunt's Blog
NISL@THU
NISL@THU
爱范儿
爱范儿

neverland

‘Welcome datacomp’ n memory of the man who put red and green squiggles under words Photos Note Photos Photos Photos pikabubu 在香港骑共享单车:访客视角的经验 Day for Night 一个冷门的速查日历方法 Note Love Is to Be Invested in Someone’s Continual Expansion Photos Photos Note Photos Photos Photos Repetitive Cycles The Slow Death of the Power User Photos Photos Photos Photos The Life and Times of an American Tween Photos AI 裁员潮卑鄙生存指南 The Unethical Guide to Surviving AI Layoffs True resilience is not about bouncing back Note Note Note Photos Most vibe-coded tools are not for you BEWARE SOFTWARE BRAIN Photos Note Photos Note Photos Photos Photos Photos Photos Magic by Return of Post: How Mail Order Delivered the Occult What exactly is an executive chair, Tim Cook’s new position? Kwai Chung Plaza Chun Fa Lok, Tsing Yi LOHAS — Tseung Kwan O Exhibition: Dieter Rams — Less, but better (HKDI Gallary) Photos 中文 Markdown 强调标记的渲染问题 ​How to walk through walls The Passions and the Interests 关于深圳过港看电影 Macau Note Photos Keyboard Warrior Why chatbot therapists can’t offer what we need How to get to know your neighbourhood Ap Lei Chau — Aberdeen Spider Trees, Tin Shui Wai Agent Experience 导论 Geist in the machine Why Tech Bros Are Now Obsessed with Taste 司法 AI 的分阶段发展模式 Fanling The capacity to be alone depends on the sense of being held Labubu’s noodle house Art Central 2026 “This Is Not The Computer For You” On tools and toolmaking Read the macOS update progress bar Use Obsidian Sync on Desktop without Installing Obsidian Skirt length oscillations Windows 95 defenses against installers that overwrite a file with an older version Do You Actually Have to Finish That Novel? Chung Ying Street Tangkengbei Reserviors & Greenway 黄金“避险逻辑”是否失效? Gendered Genres: Women’s Poetry in Post-Mao China 消失在辩护席上的个人电脑 Hong Kong Flower Show What Will Happen When All the Male Therapists Are Gone? 從廚房到鏡頭,再回到廚房:美食、食慾與現代自我 WikiProject AI Cleanup/Guide 个人破产之外:债务清零能否让企业家重新创业 How Kernel Anti-Cheats Work: A Deep Dive into Modern Game Protection A Psychoanalyst Lets Us Eavesdrop The Sexologist Who Unlocked the Female Orgasm HKCU — Fo Tan — Shek Mun (A Lack of) Regulations on Ticket Scalping in Hong Kong “AUT NIHILO” Hong Kong aut nihilo The Great Syllabus Stagnation How to reconnect with your inner child Romance books: Why are so many novels in first person and not third person now? Oura 质保换新过程 香港地名“灣”的特殊讀法
HTTPS certificates in the age of quantum computing
2026-03-11 · via neverland

Daroc Alden:

Depending on the algorithm in question, post-quantum cryptography can produce signatures much larger than comparable traditional algorithms. ML-DSA-44, which is a standardized post-quantum signature scheme thought to have security similar to Ed25519 signatures, produces signatures 37 times larger. Naively adopting post-quantum signatures for authentication could cause certificate chains to take up more data than the actual content of the web site in question […]

The solution that the new working group (called “PKI, Logs, and Tree Signatures” or PLANTS) has been discussing inverts the relationship between signatures from certificate authorities and the transparency logs. Currently, a certificate authority first creates a certificate, then logs it in a certificate-transparency log, and then optionally includes the signature from the log in the certificate as a piece of additional information. This is, in some sense, redundant: the information that the certificate is valid is already present in the certificate-transparency log, so why send the client any information other than proof that it appears in the log?

Instead of having a chain of signatures in a certificate to represent some transitive relationship between a certificate authority and a root of trust, the third-party observers would add their signatures to a certificate authority’s log as they validate it. A browser can choose its own criteria for which third-party observers it trusts, and whether it requires a quorum of them before accepting the state of an issuance log.

The certificate seen by the client would therefore no longer be a chain of signatures leading back to a root of trust: it would be a set of signatures from the certificate authority and any relevant observers attesting to the state of the issuance log, plus a proof that the web server’s public key was included in the issuance log. This constitutes what PLANTS calls a “full” certificate. For an individual web site, a full certificate doesn’t decrease the number of needed signatures; but since the issuance logs are append-only, if a browser has already verified the issuance log for a certificate authority up to some checkpoint, it doesn’t need to see the signatures for that checkpoint again. Instead, it can ask the server to just send the proof that the server’s public key appeared in the log prior to that point — a “signatureless” certificate that should be substantially smaller.

To prove that a leaf node belongs to a tree with a given root node, it suffices to provide the hashes of the other nodes that are “adjacent” to the path from the leaf to the root […] The number of additional hashes to provide grows logarithmically with the size of the tree. And, since cryptographic hashes aren’t vulnerable to the same kinds of quantum attacks as public-key cryptography, the size of a Merkle inclusion proof like this doesn’t change when switching to post-quantum cryptography.

To prevent an issuance log from growing without bound, older entries are periodically pruned as they expire. This might seem to be at odds with the append-only nature of an issuance log, but since expired certificates shouldn’t validate correctly anyway, the certificate authority can delete the corresponding leaf nodes and any internal nodes that are therefore no longer usable in actual proofs. The tree maintains the same conceptual size, but the on-disk storage requirements remain proportional to the number of active certificates.